<?php |
/**!info** |
{ |
"Plugin Name" : "plugin_specialgroups_title", |
"Plugin URI" : "http://enanocms.org/", |
"Description" : "plugin_specialgroups_desc", |
"Author" : "Dan Fuhry", |
"Version" : "1.1.5", |
"Author URI" : "http://enanocms.org/" |
} |
**!*/ |
/* |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
* Version 1.1.6 (Caoineag beta 1) |
* Copyright (C) 2007 Dan Fuhry |
* |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
* |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
*/ |
// $plugins->attachHook('session_started', 'SpecialGroups_paths_init();'); |
/**
 * Registers the Special:Usergroups page definition with the global $paths object.
 *
 * The page record handed to $paths->add_page() marks the page as visible and
 * protected, with the "special" flag, comments and deletion votes switched off.
 * No value is returned.
 */
function SpecialGroups_paths_init()
{
  global $paths;

  // Build the page record as a named local so the attribute list reads one per line.
  $page_def = array(
    'name'        => 'specialpage_groupcp',
    'urlname'     => 'Usergroups',
    'namespace'   => 'Special',
    'special'     => 0,
    'visible'     => 1,
    'comments_on' => 0,
    'protected'   => 1,
    'delvotes'    => 0,
    'delvote_ips' => '',
  );

  $paths->add_page($page_def);
}
function page_Special_Usergroups() |
{ |
global $db, $session, $paths, $template, $plugins; // Common objects |
global $email; // Import e-mail encryption functions |
global $lang; |
if ( !$session->user_logged_in ) |
{ |
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page)); |
$db->close(); |
exit; |
} |
$template->header(); |
userprefs_show_menu(); |
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) ) |
{ |
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
if ( empty($gid) || $gid < 1 ) |
{ |
die_friendly('Error', '<p>Hacking attempt</p>'); |
} |
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
if ( !$q ) |
{ |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
} |
$row = $db->fetchrow(); |
$db->free_result(); |
$members = array(); |
$pending = array(); |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments |
FROM '.table_prefix.'users AS u |
LEFT JOIN '.table_prefix.'group_members AS m |
ON ( m.user_id = u.user_id ) |
LEFT JOIN '.table_prefix.'comments AS c |
ON ( c.name = u.username ) |
WHERE m.group_id=' . $gid . ' |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending |
ORDER BY m.is_mod DESC,u.username ASC;'); |
if ( !$q ) |
{ |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
} |
$is_member = false; |
$is_mod = false; |
$is_pending = false; |
while ( $mr = $db->fetchrow() ) |
{ |
if ( $mr['pending'] == 1 ) |
{ |
$pending[] = $mr; |
if ( $mr['user_id'] == $session->user_id ) |
{ |
$is_pending = true; |
} |
} |
else |
{ |
$members[] = $mr; |
if ( $mr['user_id'] == $session->user_id ) |
{ |
$is_member = true; |
if ( $mr['is_mod'] == 1 ) |
{ |
$is_mod = true; |
} |
} |
} |
} |
$status = ( $is_member && $is_mod ) |
? $lang->get('groupcp_status_mod') |
: ( ( $is_member && !$is_mod ) |
? $lang->get('groupcp_status_member') |
: $lang->get('groupcp_status_not_member') |
); |
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ); |
switch ( $row['group_type'] ) |
{ |
case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break; |
case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break; |
case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break; |
case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break; |
} |
if ( isset($_GET['act']) && $can_do_admin_stuff ) |
{ |
switch($_GET['act']) |
{ |
case 'update': |
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
{ |
die_friendly('ERROR', '<p>Hacking attempt</p>'); |
} |
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
if ( !$q ) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
$error = false; |
if ( $db->numrows() < 1 ) |
{ |
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>'; |
$error = true; |
} |
$r = $db->fetchrow(); |
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) ) |
{ |
echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>'; |
$error = true; |
} |
if ( !$error ) |
{ |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
$row['group_type'] = $_POST['group_state']; |
echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>'; |
} |
break; |
case 'adduser': |
$username = $_POST['add_username']; |
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
if ($db->numrows() < 1) |
{ |
echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>'; |
break; |
} |
$r = $db->fetchrow(); |
$db->free_result(); |
$uid = intval($r['user_id']); |
// Check if the user is already in the group, and if so, only update modship |
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
if ( !$q ) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
if ( $db->numrows() > 0 ) |
{ |
$r = $db->fetchrow(); |
if ( (string) $r['is_mod'] != $mod ) |
{ |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
if ( !$q ) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
foreach ( $members as $i => $member ) |
{ |
if ( $member['member_id'] == $r['member_id'] ) |
$members[$i]['is_mod'] = (int)$mod; |
} |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>'; |
} |
else |
{ |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>'; |
} |
break; |
} |
$db->free_result(); |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>'; |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
FROM '.table_prefix.'users AS u |
LEFT JOIN '.table_prefix.'group_members AS m |
ON ( m.user_id = u.user_id ) |
LEFT JOIN '.table_prefix.'comments AS c |
ON ( c.name = u.username ) |
WHERE m.group_id=' . $gid . ' |
AND m.pending!=1 |
AND u.user_id=' . $uid . ' |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
ORDER BY m.is_mod DESC,u.username ASC |
LIMIT 1;'); |
if ( !$q ) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
$r = $db->fetchrow(); |
$members[] = $r; |
$db->free_result(); |
// just added a user to the group, so regenerate the ranks cache |
generate_cache_userranks(); |
break; |
case 'del_users': |
foreach ( $members as $i => $member ) |
{ |
if ( isset($_POST['del_user'][$member['member_id']]) ) |
{ |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
unset($members[$i]); |
} |
} |
// regenerate the ranks cache |
generate_cache_userranks(); |
break; |
case 'pending': |
foreach ( $pending as $i => $member ) |
{ |
if ( isset( $_POST['with_user'][$member['member_id']]) ) |
{ |
if ( isset ( $_POST['do_appr_pending'] ) ) |
{ |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
$members[] = $member; |
unset($pending[$i]); |
continue; |
} |
elseif ( isset ( $_POST['do_reject_pending'] ) ) |
{ |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
if (!$q) |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
unset($pending[$i]); |
} |
} |
} |
// memberships updated/changed, regenerate ranks cache |
272 |
generate_cache_userranks(); |
273 |
|
274 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>'; |
0 | 275 |
break; |
276 |
} |
|
277 |
} |
|
278 |
||
279 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff ) |
0 | 280 |
{ |
281 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
|
282 |
if (!$q) |
|
283 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
284 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>'; |
0 | 285 |
|
286 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 287 |
FROM '.table_prefix.'users AS u |
288 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
289 |
ON ( m.user_id = u.user_id ) |
|
290 |
LEFT JOIN '.table_prefix.'comments AS c |
|
291 |
ON ( c.name = u.username ) |
|
292 |
WHERE m.group_id=' . $gid . ' |
|
293 |
AND m.pending!=1 |
|
294 |
AND u.user_id=' . $session->user_id . ' |
|
295 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 296 |
ORDER BY m.is_mod DESC,u.username ASC |
297 |
LIMIT 1;'); |
|
298 |
if ( !$q ) |
|
299 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 300 |
|
301 |
$r = $db->fetchrow(); |
|
302 |
$members[] = $r; |
|
303 |
$db->free_result(); |
|
304 |
||
305 |
} |
|
306 |
||
307 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff ) |
0 | 308 |
{ |
309 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
|
310 |
if (!$q) |
|
311 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
312 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>'; |
0 | 313 |
} |
314 |
||
315 |
$state_btns = ( $can_do_admin_stuff ) ? |
|
316 |
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label> |
317 |
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label> |
318 |
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label> |
319 |
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>' |
0 | 320 |
: $g_state; |
321 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member ) |
|
322 |
{ |
|
323 |
if ( $is_pending ) |
|
324 |
$state_btns .= ' ' . $lang->get('groupcp_msg_status_pending'); |
0 | 325 |
else |
326 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />'; |
0 | 327 |
} |
328 |
||
329 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member ) |
|
330 |
{ |
|
331 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />'; |
0 | 332 |
} |
333 |
||
334 |
$g_name_local = 'groupcp_grp_' . strtolower($row['group_name']); |
335 |
$str = $lang->get($g_name_local); |
336 |
if ( $str != $g_name_local ) |
337 |
$row['group_name'] = $str; |
338 |
|
0 | 339 |
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data"> |
340 |
<div class="tblholder"> |
|
341 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
342 |
<tr> |
|
343 |
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th> |
0 | 344 |
</tr> |
345 |
<tr> |
|
346 |
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td> |
347 |
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td> |
0 | 348 |
</tr> |
349 |
<tr> |
|
350 |
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td> |
0 | 351 |
<td class="row1">' . $status . '</td> |
352 |
</tr> |
|
353 |
<tr> |
|
354 |
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td> |
0 | 355 |
<td class="row1">' . $state_btns . '</td> |
356 |
</tr> |
|
357 |
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? ' |
|
358 |
<tr> |
|
359 |
<th class="subhead" colspan="2"> |
|
360 |
<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> |
0 | 361 |
</th> |
362 |
</tr> |
|
363 |
' : '' ) . ' |
|
364 |
</table> |
|
365 |
</div> |
|
366 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
367 |
</form>'; |
|
368 |
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff ) |
|
369 |
{ |
|
370 |
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data"> |
|
371 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
372 |
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2> |
0 | 373 |
<div class="tblholder"> |
374 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
375 |
<tr> |
|
376 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
377 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
378 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
379 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
380 |
<th>' . $lang->get('groupcp_th_select') . '</th> |
0 | 381 |
</tr>'; |
382 |
$cls = 'row2'; |
|
383 |
foreach ( $pending as $member ) |
|
384 |
{ |
|
385 |
||
386 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 387 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
388 |
$addy = $email->encryptEmail($member['email']); |
|
389 |
||
390 |
echo "<tr> |
|
391 |
<td class='{$cls}'>{$member['username']}</td> |
|
392 |
<td class='{$cls}'>{$addy}</td> |
|
393 |
<td class='{$cls}'>{$date}</td> |
|
394 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 395 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td> |
396 |
</tr>"; |
|
397 |
} |
|
398 |
echo '</table> |
|
399 |
</div> |
|
400 |
<div style="margin: 10px 0 0 auto;"> |
|
401 |
With selected: |
|
402 |
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" /> |
403 |
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" /> |
0 | 404 |
</div> |
405 |
</form>'; |
|
406 |
} |
|
407 |
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data"> |
|
408 |
<h2>' . $lang->get('groupcp_th_group_members') . '</h2> |
0 | 409 |
<div class="tblholder"> |
410 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
411 |
<tr> |
|
412 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
413 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
414 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
415 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
416 |
' . ( ( $can_do_admin_stuff ) ? ' |
417 |
<th>' . $lang->get('groupcp_th_remove') . '</th> |
418 |
' : '' ) . ' |
0 | 419 |
</tr> |
420 |
<tr> |
|
421 |
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th> |
0 | 422 |
</tr>'; |
423 |
$mod_printed = false; |
|
424 |
$mem_printed = false; |
|
425 |
$cls = 'row2'; |
|
426 |
||
427 |
foreach ( $members as $member ) |
|
428 |
{ |
|
429 |
if ( $member['is_mod'] != 1 ) |
|
430 |
break; |
|
431 |
||
432 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 433 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
434 |
$addy = $email->encryptEmail($member['email']); |
|
435 |
||
436 |
$mod_printed = true; |
|
437 |
||
438 |
echo "<tr> |
|
439 |
<td class='{$cls}'>{$member['username']}</td> |
|
440 |
<td class='{$cls}'>{$addy}</td> |
|
441 |
<td class='{$cls}'>{$date}</td> |
|
442 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 443 |
" . ( ( $can_do_admin_stuff ) ? " |
444 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
445 |
" : '' ) . " |
|
446 |
</tr>"; |
|
447 |
} |
|
448 |
if (!$mod_printed) |
|
449 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>'; |
450 |
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>'; |
0 | 451 |
foreach ( $members as $member ) |
452 |
{ |
|
453 |
if ( $member['is_mod'] == 1 ) |
|
454 |
continue; |
|
455 |
||
456 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 457 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
458 |
$addy = $email->encryptEmail($member['email']); |
|
459 |
||
460 |
$mem_printed = true; |
|
461 |
||
462 |
echo "<tr> |
|
463 |
<td class='{$cls}'>{$member['username']}</td> |
|
464 |
<td class='{$cls}'>{$addy}</td> |
|
465 |
<td class='{$cls}'>{$date}</td> |
|
466 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 467 |
" . ( ( $can_do_admin_stuff ) ? " |
468 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
469 |
" : '' ) . " |
|
470 |
</tr>"; |
|
471 |
} |
|
472 |
if (!$mem_printed) |
|
473 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>'; |
0 | 474 |
echo ' </table> |
475 |
</div>'; |
|
476 |
if ( $can_do_admin_stuff ) |
|
477 |
{ |
|
478 |
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>"; |
0 | 479 |
} |
480 |
echo '<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
481 |
</form>'; |
|
482 |
if ( $can_do_admin_stuff ) |
|
483 |
{ |
|
484 |
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;"> |
|
485 |
<div class="tblholder"> |
|
486 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
487 |
<tr> |
|
488 |
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th> |
0 | 489 |
</tr> |
490 |
<tr> |
|
491 |
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td> |
0 | 492 |
</tr> |
493 |
<tr> |
|
494 |
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td> |
0 | 495 |
</tr> |
496 |
<tr> |
|
497 |
<th class="subhead" colspan="2"> |
|
498 |
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" /> |
0 | 499 |
</th> |
500 |
</tr> |
|
501 |
</table> |
|
502 |
</div> |
|
503 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
504 |
</form>'; |
|
505 |
} |
|
506 |
} |
|
507 |
else |
|
508 |
{ |
|
509 |
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
510 |
echo '<div class="tblholder"> |
|
511 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
512 |
<tr> |
|
513 |
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th> |
0 | 514 |
</tr> |
515 |
<tr> |
|
30 | 516 |
<td class="row2" style="text-align: right; width: 50%;"> |
517 |
' . $lang->get('groupcp_lbl_current_memberships') . ' |
0 | 518 |
</td> |
30 | 519 |
<td class="row1" style="width: 50%;">'; |
0 | 520 |
$taboo = Array('Everyone'); |
30 | 521 |
if ( sizeof ( $session->groups ) > count($taboo) ) |
0 | 522 |
{ |
523 |
echo '<select name="group_id">'; |
|
524 |
foreach ( $session->groups as $id => $group ) |
|
525 |
{ |
|
526 |
$taboo[] = $db->escape($group); |
527 |
$group = htmlspecialchars($group); |
0 | 528 |
if ( $group != 'Everyone' ) |
529 |
{ |
|
530 |
$g_name_local = 'groupcp_grp_' . strtolower($group); |
531 |
$str = $lang->get($g_name_local); |
532 |
if ( $str != $g_name_local ) |
533 |
$group = $str; |
0 | 534 |
echo '<option value="' . $id . '">' . $group . '</option>'; |
535 |
} |
|
536 |
} |
|
537 |
echo '</select> |
|
538 |
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />'; |
0 | 539 |
} |
540 |
else |
|
541 |
{ |
|
542 |
echo 'None'; |
|
543 |
} |
|
544 |
||
545 |
echo '</td> |
|
546 |
</tr>'; |
|
547 |
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\''; |
|
548 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;'); |
|
549 |
if(!$q) |
|
550 |
{ |
|
551 |
echo $db->get_error(); |
|
552 |
$template->footer(); |
|
553 |
return; |
|
554 |
} |
|
555 |
if($db->numrows() > 0) |
|
556 |
{ |
|
557 |
echo '<tr> |
|
558 |
<td class="row2" style="text-align: right;"> |
|
559 |
' . $lang->get('groupcp_lbl_non_memberships') . ' |
0 | 560 |
</td> |
561 |
<td class="row1"> |
|
562 |
<select name="group_id_n">'; |
|
563 |
while ( $row = $db->fetchrow() ) |
|
564 |
{ |
|
565 |
if ( $row['group_name'] != 'Everyone' ) |
|
566 |
{ |
|
357 | 567 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>'; |
0 | 568 |
} |
569 |
} |
|
570 |
echo '</select> |
|
571 |
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" /> |
0 | 572 |
</td> |
573 |
</tr> |
|
574 |
'; |
|
575 |
} |
|
576 |
$db->free_result(); |
|
577 |
echo '</table> |
|
578 |
</div> |
|
579 |
</form>'; |
|
580 |
} |
|
581 |
$template->footer(); |
|
582 |
} |
|
583 |
||
584 |
?> |